On Tue, 27 Mar 2007 09:12:34 -0400, "Mike Hall - MS MVP"
> AVG 7.5 free version anti-virus is an excellent product that will cost you
> nothing, and is not anything like as invasive as McAfee or Norton.. it
> updates daily, and users of it report back only good things..
Yep; that's what I use, too. Caveat: If...
- you are on dial-up
- your email disconnects when "done"
...then UNselect the email scanner component on install.
Also, by default, AVG scans "the system" at 8 am daily, which is often
when folks start their working day. That would cause "AVG slows down
my PC" complaints, so I always turn it off.
> A firewall and NAT router will stop unsolicited stuff getting to your
> computer.. what neither of them will stop is a user unwittingly letting bad
> stuff in.. an anti-virus solution is just one line of defense..
Yup. Firewall, NAT, and getting rid of WiFi if you don't use it, are
your first barriers, or your "forward strikers", to use a soccer
analogy. Your single resident av is your "goalie of last resort".
In between that, one can do many other things...
- safer system and UI settings
- kill admin shares
- stop autorunning newly-inserted drives
- choose safer edge-facing apps
- keep the OS updated
- passive "vaccination" a la Spyware Blaster
- apply data hygiene, i.e. keep riskware out of data backups
- route riskware into a common subtree
- aim a tier of on-demand scanners at that subtree
- build your own "safe hex" skills
- prepare for when you have to formally manage malware
> You should also run (and update regularly) SpywareBlaster, a utility that
> immunizes IE against attack, requiring no user dependency other than
> updating..
Yep, I like that one, too ;-)
> These two can't do it all by themselves, so you may also want to run either
> Ewido or Trend Housecall on line scans now and again...
Er, no - I'm not a fan of picking a fight with running malware (e.g.
"scan the whole system every night from within ?infected Windows, in
case your av missed something") and I'm even less a fan of:
- reaching an "online scanning site" via ?malware-poisoned DNS
- allowing that site to drop and run active content on the PC
- staying online while that dropped code gropes all my files
The only use I'd make of on-line scanners is to upload files to be
tested, *before* groping or "opening" those files.
Ewido is now AVG AntiSpyware 7.5, and acquiring it was a very shrewd
move for AVG... vastly boosts their cred ;-)
Still needed, IMO. As long as it's competent, it doesn't matter which
one you use; free AVG updated daily would likely be better protection
than Kaspersky that the user updates only once a week.
The important thing to remember is that various anti-malware tactics
mesh in ways that complement each other, whereas applying the same
tactic multiple times (e.g. running multiple av scanners and doing
nothing else) meshes far more poorly.
Some barriers are narrow, but absolute.
For example, if malware relies on admin shares to enter via clickless
attack, and you don't have admin shares exposed, you are absolutely
protected against that attack.
To any number of attacks that use a different method, you're just as
wide open as before - so it is a narrow protection.
Other barriers are broad, but leaky.
For example, a resident av should "catch" malware as it tries to be
created as a file, or is loaded into memory, before it can run - so
the protection is broad, because it works no matter what methods the
malware used to get into the system.
But all mugshot-recognition scanners will fail to detect malware that
is any one or more of...
- too "new" to be recognised
- seldom exposed in the wild, so unknown to the av vendor
- legitimate software dropped and run for malware purposes
...and will also fail if other active malware has disabled it.
Even "safe hex" has its limits.
Yes, you'd apply the "Turing Test" even when getting mail "from
someone you know", because you know very well that malware is most
often from infected PCs that have your email address visible on it
(i.e. "someone you know").
So if you aren't convinced an actual human user chose to send that
message and those specific attached files, you'd not "open" them, no
matter how clean the av thinks they are.
But what if "someone you know" is infected with a malware that infects
the "data" files the user really does intend to send? Your "safe hex"
doesn't get traction in that context, so you'd hope the av scanner
would catch the ball. It is likely to do so, as n-generation spread
by infecting "real" files is usually slow enough for the av to update
itself with an awareness of that malware before it reaches you.
We look beyond what dumb retail tries to sell us (as an OEM, I discard
bundleware Norton AV "starter" CDs that fall out of the box when I
assemble PCs) and use either free stuff like AVG, Avast and what used
to be called AntiVir, or if we do buy feeware, it's something
best-of-breed like Kaspersky (thorough) or NOD32 (light on
performance impact and pretty good) or F-Secure (multiple scanning
engines including Kaspersky; may impact performance).
But we do a lot more than "in av we trust" ;-)
--------------- ---- --- -- - - - -
Saws are too hard to use.
Be easier to use!
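
Two items from the list in the post above, "kill admin shares" and "stop autorunning newly-inserted drives", come down to registry settings that can be audited. The following is an added example, not part of the original post: it parses .reg export text and reports on AutoShareWks and NoDriveTypeAutoRun. The key paths and value names are the standard Windows ones and are an assumption here, since the post names none; the sample exports are constructed.

```python
import re

# Standard Windows registry locations (assumed; the post does not name them).
LANMAN = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters"
EXPLORER = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer"
# NoDriveTypeAutoRun is a bitmask: a set bit disables autorun for that drive type.
DRIVE_BITS = {0x04: "removable", 0x08: "fixed", 0x20: "cdrom", 0x40: "ramdisk"}

def parse_reg(text):
    """Parse .reg export text into {key: {value_name: int}}, dword values only."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None:
            m = re.match(r'"([^"]+)"=dword:([0-9a-fA-F]{1,8})$', line)
            if m:
                current[m.group(1)] = int(m.group(2), 16)
    return keys

def audit(text):
    """Return a list of findings for the two settings; empty means hardened."""
    keys, findings = parse_reg(text), []
    # An absent AutoShareWks means C$ and ADMIN$ are recreated at every boot.
    if keys.get(LANMAN, {}).get("AutoShareWks", 1) != 0:
        findings.append("admin shares are auto-created (AutoShareWks is not 0)")
    mask = keys.get(EXPLORER, {}).get("NoDriveTypeAutoRun")
    if mask is None:
        findings.append("NoDriveTypeAutoRun not set (OS default applies)")
    else:
        live = [name for bit, name in DRIVE_BITS.items() if not mask & bit]
        if live:
            findings.append("autorun still on for: " + ", ".join(live))
    return findings

# Constructed sample exports, not taken from any real machine.
WEAK = "\n".join(["Windows Registry Editor Version 5.00", "",
                  f"[{EXPLORER}]", '"NoDriveTypeAutoRun"=dword:00000091'])
HARDENED = "\n".join(["Windows Registry Editor Version 5.00", "",
                      f"[{LANMAN}]", '"AutoShareWks"=dword:00000000',
                      f"[{EXPLORER}]", '"NoDriveTypeAutoRun"=dword:000000ff'])

if __name__ == "__main__":
    for label, sample in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit(sample) or "no findings")
```
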